nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Experience with Open Source load balancers?

From: jkrejci () usinternet com
Date: Wed, 18 May 2011 01:17:48 +0000
In response to your query on dnssec in the browser, I use this.

https://addons.mozilla.org/en-us/firefox/addon/dnssec-validator/

------Original Message------
From: Jimmy Hess
To: Mark Andrews
Cc: Welch, Bryan
Cc: nanog () nanog org
Subject: Re: Experience with Open Source load balancers?
Sent: May 17, 2011 7:07 PM

On Tue, May 17, 2011 at 6:23 PM, Mark Andrews <marka () isc org> wrote:
[snip]


Better still would be for them to return AAAA records but until one
is ready to do that the negative responses need to be correct.


Hm... better would be for  load balancers operate transparently at Layer 3 and
not tamper with the contents of answers from proper DNS servers.

Eating traffic based on application content, or turning  NOERROR,
0 matches into  NXDOMAIN is seriously f***'ed up.


I look forward to more domains having DS records published by TLDs w/
signed zones...
and possibly browsers displaying warnings trying to visit HTTPS
domains without a signed zone.

perhaps load balancers/middle box manufacturers will start to become a
little bit more honest
in what they do with DNS traffic  :)

--
-JH



Sent via BlackBerry from T-Mobile
Previous By Date Next
Previous By Thread Next

Current thread: